Short description
Many admins, including me, want to put some raw HTML pages on wiki sites.
Although raw/html parsers have been put in ParserMarket, they introduce insecure XSS holes into the whole wiki site.
Since it is very difficult to purify raw HTML content to a secure level, I suggest adding another ACL right for creating insecure content such as raw HTML pages to the configuration items used to set up ACLs on a moin site.
Here is an example:
Entry | Default | Description |
acl_rights_default | u"Trusted:read,write,delete,revert,write_insecure\ | only used when no other ACLs are given on the page being accessed |
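A sketch of how such a right could be enforced, as an added example that is not MoinMoin's code or part of the original proposal: a simplified first-match ACL evaluator and a save-time gate. The group membership, user names, the `All:read,write` entry and the `{{{#!html` block marker are assumptions made for the illustration.

```python
import re

# Constructed sample data: group members and the ACL string are illustrative.
GROUPS = {"Trusted": {"alice"}}
ACL_DEFAULT = "Trusted:read,write,delete,revert,write_insecure All:read,write"

# Assumed marker for a block handled by a raw-HTML parser, e.g. "{{{#!html".
RAW_HTML_BLOCK = re.compile(r"\{\{\{\s*#!\s*(html|raw)\b", re.IGNORECASE)


def parse_acl(acl):
    """Split 'Who1,Who2:right1,right2 ...' into (names, rights) entries."""
    entries = []
    for entry in acl.split():
        who, _, rights = entry.partition(":")
        entries.append((set(who.split(",")), set(filter(None, rights.split(",")))))
    return entries


def may(user, right, acl=ACL_DEFAULT, groups=GROUPS):
    """The first entry naming the user, one of their groups, or All decides."""
    for names, rights in parse_acl(acl):
        for name in names:
            if name == "All" or name == user or user in groups.get(name, ()):
                return right in rights
    return False  # default deny when no entry matches


def check_save(user, new_text, acl=ACL_DEFAULT, groups=GROUPS):
    """Decide at save time against the editor, never against the viewer."""
    if not may(user, "write", acl, groups):
        return False, "write denied"
    if RAW_HTML_BLOCK.search(new_text) and not may(user, "write_insecure", acl, groups):
        return False, "raw HTML requires write_insecure"
    return True, "ok"
```

The same check has to run on every path that can put text into a page, including revert, or an untrusted user could restore an old revision that contains raw HTML.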
I think the safe html parser solves all of these issues. It removes every dangerous part of the html page. -- ReimarBauer 2009-09-05 14:54:34